build(deps): bump the pip group across 1 directory with 15 updates #2

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/pip-49b9a426aa

@dependabot dependabot bot commented on behalf of github Nov 30, 2024

Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| litellm | 1.34.18 | 1.44.8 |
| azure-identity | 1.15.0 | 1.16.1 |
| llama-index-core | 0.10.26 | 0.10.38 |
| scikit-learn | 1.4.1.post1 | 1.5.0 |
| starlette | 0.36.3 | 0.40.0 |

Updates litellm from 1.34.18 to 1.44.8

Release notes

Sourced from litellm's releases.

v1.52.15-stable

Full Changelog: BerriAI/litellm@v1.52.15...v1.52.15-stable

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:litellm_stable_nov27-stable

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

| Name | Status | Median Response Time (ms) | Average Response Time (ms) | Requests/s | Failures/s | Request Count | Failure Count | Min Response Time (ms) | Max Response Time (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| /chat/completions | Passed ✅ | 200.0 | 221.52349298020383 | 6.244722043862887 | 0.0 | 1869 | 0 | 181.6640519999737 | 2200.3593760000513 |
| Aggregated | Passed ✅ | 200.0 | 221.52349298020383 | 6.244722043862887 | 0.0 | 1869 | 0 | 181.6640519999737 | 2200.3593760000513 |

v1.52.15.staging1

Full Changelog: BerriAI/litellm@v1.52.15...v1.52.15.staging1

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.52.15.staging1

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

| Name | Status | Median Response Time (ms) | Average Response Time (ms) | Requests/s | Failures/s | Request Count | Failure Count | Min Response Time (ms) | Max Response Time (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| /chat/completions | Passed ✅ | 250.0 | 278.6646185965574 | 6.211416620977041 | 0.0033412676820747935 | 1859 | 1 | 217.41687699994827 | 3149.612769999976 |
| Aggregated | Passed ✅ | 250.0 | 278.6646185965574 | 6.211416620977041 | 0.0033412676820747935 | 1859 | 1 | 217.41687699994827 | 3149.612769999976 |

... (truncated)

Commits
  • 60381ff test: fix assert string on test
  • 65097d5 fix(proxy/utils.py): fix model dump to exclude none values
  • f9034ff test: rename test to run earlier
  • 84137af test: fix test
  • 76c38c6 build(model_prices_and_context_window.json): add bedrock mistral small
  • 1f3dd43 fix pass through rerank requests tests
  • 1a106a4 mark vertex tests as flaky
  • 00cfd31 docs(vertex_ai.md): fix dead link
  • b373320 mark test as flaky
  • 3cec009 test(test_embeddings.py): fix test
  • Additional commits viewable in compare view

Updates aiohttp from 3.9.3 to 3.11.8

Release notes

Sourced from aiohttp's releases.

3.11.8

Miscellaneous internal changes

  • Improved performance of creating :class:aiohttp.ClientResponse objects when there are no cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10029.

  • Improved performance of creating :class:aiohttp.ClientResponse objects -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10030.

  • Improved performances of creating objects during the HTTP request lifecycle -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10037.

  • Improved performance of constructing :class:aiohttp.web.Response with headers -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10043.

  • Improved performance of making requests when there are no auto headers to skip -- by :user:bdraco.

    Related issues and pull requests on GitHub: #10049.

  • Downgraded logging of invalid HTTP method exceptions on the first request to debug level -- by :user:bdraco.

    HTTP requests starting with an invalid method are relatively common, especially when connected to the public internet, because browsers or other clients may try to speak SSL to a plain-text server or vice-versa. These exceptions can quickly fill the log with noise when nothing is wrong.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.8 (2024-11-27)

Miscellaneous internal changes

  • Improved performance of creating :class:aiohttp.ClientResponse objects when there are no cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10029.

  • Improved performance of creating :class:aiohttp.ClientResponse objects -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10030.

  • Improved performances of creating objects during the HTTP request lifecycle -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10037.

  • Improved performance of constructing :class:aiohttp.web.Response with headers -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10043.

  • Improved performance of making requests when there are no auto headers to skip -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:10049.

  • Downgraded logging of invalid HTTP method exceptions on the first request to debug level -- by :user:bdraco.

    HTTP requests starting with an invalid method are relatively common, especially when connected to the public internet, because browsers or other clients may try to speak SSL to a plain-text server or vice-versa. These exceptions can quickly fill the log with noise when nothing is wrong.

... (truncated)

Commits
  • 5ddf720 Release 3.11.8 (#10066)
  • 13152c3 [PR #10055/c11fe96 backport][3.11] Downgrade logging of invalid HTTP methods ...
  • 1b78cae [PR #10059/aac6f741 backport][3.11] Combine executor jobs in FileResponse sen...
  • a5a6981 [PR #10058/12372d7 backport][3.11] Remove unreachable content length check fo...
  • 7e628f4 [PR #8699/11f0e7f backport][3.11] Reduce code indent in ResponseHandler.data_...
  • 1a6fafe [PR #10037/2e369db backport][3.11] Refactor requests and responses to use cla...
  • 653302e [PR #10049/006fbc37 backport][3.11] Improve client performance when there are...
  • d411bc5 [PR #10043/5255cec backport][3.11] Avoid constructing headers mulitidict twic...
  • 3dfd7ae Bump pypa/cibuildwheel from 2.21.3 to 2.22.0 (#10042)
  • 65dab0e [PR #10038/6f4e9615 backport][3.11] Small speed up to StreamWriter.__init__...
  • Additional commits viewable in compare view

Updates azure-identity from 1.15.0 to 1.16.1

Commits

Updates certifi from 2024.2.2 to 2024.8.30

Commits
  • 325c2fd 2024.08.30 (#304)
  • d66bf5f Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#302)
  • 2150f23 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#301)
  • fc9b771 Bump actions/setup-python from 5.1.0 to 5.1.1 (#300)
  • 965b239 Bump actions/download-artifact from 4.1.7 to 4.1.8 (#297)
  • c1f50cc Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#296)
  • bd81538 2024.07.04 (#295)
  • 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
  • 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
  • e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
  • Additional commits viewable in compare view

Updates cryptography from 42.0.5 to 44.0.0

Changelog

Sourced from cryptography's changelog.

44.0.0 - 2024-11-27


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
  Python core team. Support for Python 3.7 will be removed in a future
  ``cryptography`` release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
  versions of macOS should upgrade, or they will need to build
  ``cryptography`` themselves.
* Enforce the :rfc:`5280` requirement that extended key usage extensions must
  not be empty.
* Added support for timestamp extraction to the
  :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
  during X.509 verification to allow fields permitted by :rfc:`5280` but
  forbidden by the CA/Browser BRs.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`
  when using OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`, and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.

43.0.3 - 2024-10-18

  • Fixed release metadata for cryptography-vectors

43.0.2 - 2024-10-18


* Fixed compilation when using LibreSSL 4.0.0.

43.0.1 - 2024-09-03

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.

43.0.0 - 2024-07-20

... (truncated)

Commits

Updates idna from 3.6 to 3.10

Release notes

Sourced from idna's releases.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15)

  • Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13)

  • Update to Unicode 16.0.0
  • Deprecate setup.cfg in favour of pyproject.toml
  • Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23)

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

Updates llama-index-core from 0.10.26 to 0.10.38

Release notes

Sourced from llama-index-core's releases.

v0.10.38

No release notes provided.

v0.10.37

No release notes provided.

v0.10.36

No release notes provided.

2024-05-07 (v0.10.35)

llama-index-agent-introspective [0.1.0]

  • Add CRITIC and reflection agent integrations (#13108)

llama-index-core [0.10.35]

  • fix from_defaults() erasing summary memory buffer history (#13325)
  • use existing async event loop instead of asyncio.run() in core (#13309)
  • fix async streaming from query engine in condense question chat engine (#13306)
  • Handle ValueError in extract_table_summaries in element node parsers (#13318)
  • Handle llm properly for QASummaryQueryEngineBuilder and RouterQueryEngine (#13281)
  • expand instrumentation payloads (#13302)
  • Fix Bug in sql join statement missing schema (#13277)

llama-index-embeddings-jinaai [0.1.5]

  • add encoding_type parameters in JinaEmbedding class (#13172)
  • fix encoding type access in JinaEmbeddings (#13315)

llama-index-embeddings-nvidia [0.1.0]

  • add nvidia nim embeddings support (#13177)

llama-index-llms-mistralai [0.1.12]

  • Fix async issue when streaming with Mistral AI (#13292)

llama-index-llms-nvidia [0.1.0]

  • add nvidia nim llm support (#13176)

llama-index-postprocessor-nvidia-rerank [0.1.0]

  • add nvidia nim rerank support (#13178)

llama-index-readers-file [0.1.21]

  • Update MarkdownReader to parse text before first header (#13327)

llama-index-readers-web [0.1.13]

... (truncated)

Changelog

Sourced from llama-index-core's changelog.

llama-index-core [0.10.38]

  • Enabling streaming in BaseSQLTableQueryEngine (#13599)
  • Fix nonetype errors in relational node parsers (#13615)
  • feat(instrumentation): new spans for ALL llms (#13565)
  • Properly Limit the number of generated questions (#13596)
  • Pass 'exclude_llm_metadata_keys' and 'exclude_embed_metadata_keys' in element Node Parsers (#13567)
  • Add batch mode to QueryPipeline (#13203)
  • Improve SentenceEmbeddingOptimizer to respect Settings.embed_model (#13514)
  • ReAct output parser robustness changes (#13459)
  • fix for pydantic tool calling with a single argument (#13522)
  • Avoid unexpected error when stream chat doesn't yield (#13422)

llama-index-embeddings-nomic [0.2.0]

  • Implement local Nomic Embed with the inference_mode parameter (#13607)

llama-index-embeddings-nvidia [0.1.3]

  • Deprecate mode() in favor of __init__(base_url=...) (#13572)
  • add snowflake/arctic-embed-l support (#13555)

llama-index-embeddings-openai [0.1.10]

  • update how retries get triggered for openai (#13608)

llama-index-embeddings-upstage [0.1.0]

  • Integrations: upstage LLM and Embeddings (#13193)

llama-index-llms-gemini [0.1.8]

  • feat: add gemini new models to multimodal LLM and regular (#13539)

llama-index-llms-groq [0.1.4]

  • fix: enable tool use (#13566)

llama-index-llms-lmstudio [0.1.0]

  • Add support for lmstudio integration (#13557)

llama-index-llms-nvidia [0.1.3]

  • Deprecate mode() in favor of __init__(base_url=...) (#13572)

llama-index-llms-openai [0.1.20]

  • update how retries get triggered for openai (#13608)

... (truncated)

Commits

Updates nltk from 3.8.1 to 3.9.1

Changelog

Sourced from nltk's changelog.

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
  • Fix WordNet's all_synsets() function (#3078)
  • Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)
  • Support both iso639-3 codes and BCP-47 language tags (#3060)
  • Avoid DeprecationWarning in Regexp tokenizer (#3055)
  • Fix many doctests, add doctests to CI (#3054, #3050, #3048)
  • Fix bool field not being read in VerbNet (#3044)
  • Greatly improve time efficiency of SyllableTokenizer when tokenizing numbers (#3042)
  • Fix encodings of Polish udhr corpus reader (#3038)
  • Allow TweetTokenizer to tokenize emoji flag sequences (#3034)
  • Prevent LazyModule from increasing the size of nltk.dict (#3033)
  • Fix CoreNLPServer non-default port issue (#3031)
  • Add "acion" suffix to the Spanish SnowballStemmer (#3030)
  • Allow loading WordNet without OMW (#3026)
  • Use input() in nltk.chat.chatbot() for Jupyter support (#3022)
  • Fix edit_distance_align() in distance.py (#3017)
  • Tackle performance and accuracy regression of sentence tokenizer since NLTK 3.6.6 (#3014)
  • Add the Iota operator to semantic logic (#3010)
  • Resolve critical errors in WordNet app (#3008)
  • Resolve critical error in CHILDES Corpus (#2998)
  • Make WordNet information_content() accept adjective satellites (#2995)

... (truncated)

Commits

Updates requests from 2.31.0 to 2.32.3

Release notes

Sourced from requests's releases.

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored.

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

... (truncated)

Commits
  • 0e322af v2.32.3
  • e188799 Don't create default SSLContext if ssl module isn't present (#6724)
  • 145b539 Merge pull request #6716 from sigmavirus24/bug/6715
  • b1d73dd Don't use default SSLContext with custom poolmanager kwargs
  • 6badbac Update HISTORY.md
  • a62a2d3 Allow for overriding of specific pool key params
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • Additional commits viewable in compare view

Updates scikit-learn from 1.4.1.post1 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Commits

Updates setuptools from 69.2.0 to 75.6.0

Changelog

Sourced from setuptools's changelog.

v75.6.0

Features

  • Preserve original PKG-INFO into METADATA when creating wheel (instead of calling wheel.metadata.pkginfo_to_metadata). This helps to be more compliant with the flow specified in PEP 517. (#4701)
  • Changed the WindowsSdkVersion, FrameworkVersion32 and FrameworkVersion64 properties of setuptools.msvc.PlatformInfo to return an empty tuple instead of None as a fallthrough case -- by :user:Avasam (#4754)

v75.5.0

Features

  • Removed support for SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is deemed prone to errors. (#4746)

v75.4.0

Features

  • Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611)

    .. attention:: This environment variable was removed in a later version of setuptools.

  • Require Python 3.9 or later. (#4718)

  • Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)

  • Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:sys.abiflags). (#4718)

  • Updated vendored packaging version to 24.2. (#4740)

... (truncated)

Commits
  • bf2ced2 Bump version: 75.5.0 → 75.6.0
  • 8685c80 Empty tuple instead of None for PlatformInfo version properties fallthrough (...
  • 50d671b Rename news fragment
  • 2b471c2 Changed the WindowsSdkVersion, FrameworkVersion32 and ``FrameworkVers...
  • 2c77cd2 Runtime typing fixes for typeshed return type merge (#4753
  • 9a4c8d4 Runtime typing fixes for typeshed return type merge
  • e622859 Preserve original PKG-INFO contents when creating wheel (instead of calling...
  • 0b5b417 Mark tests that may depend on external network
  • a4fa01d Add news fragment
  • 089aca9 Ignore coverage in test code
  • Additional commits viewable in compare view

Updates starlette from 0.36.3 to 0.40.0

Release notes

Sourced from starlette's releases.

Version 0.40.0

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

Version 0.39.2

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

Full Changelog: Kludex/starlette@0.39.1...0.39.2

Version 0.39.1

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ranges #2703.
  • Use token_hex for generating multipart boundary strings #2702.

Full Changelog: Kludex/starlette@0.39.0...0.39.1

Version 0.39.0

Added

  • Add support for HTTP Range to FileResponse #2697

Full Changelog: Kludex/starlette@0.38.6...0.39.0

Version 0.38.6

Fixed

  • Close unclosed MemoryObjectReceiveStream in TestClient #2693.

Full Changelog: Kludex/starlette@0.38.5...0.38.6

... (truncated)

Changelog

Sourced from starlette's changelog.

0.40.0 (October 15, 2024)

This release fixes a Denial of service (DoS) via multipart/form-data requests.

You can view the full security advisory: GHSA-f96h-pmfr-66vw

Fixed

  • Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

0.39.2 (September 29, 2024)

Fixed

  • Allow use of request.url_for when only "app" scope is available #2672.
  • Fix internal type hints to support python-multipart==0.0.12 #2708.

0.39.1 (September 25, 2024)

Fixed

  • Avoid regex re-compilation in responses.py and schemas.py #2700.
  • Improve performance of get_route_path by removing regular expression usage #2701.
  • Consider FileResponse.chunk_size when handling multiple ran...

    Description has been truncated

Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [litellm](https://github.com/BerriAI/litellm) | `1.34.18` | `1.44.8` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.15.0` | `1.16.1` |
| [llama-index-core](https://github.com/run-llama/llama_index) | `0.10.26` | `0.10.38` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.4.1.post1` | `1.5.0` |
| [starlette](https://github.com/encode/starlette) | `0.36.3` | `0.40.0` |



Updates `litellm` from 1.34.18 to 1.44.8
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@v1.34.18...v1.44.8)

Updates `aiohttp` from 3.9.3 to 3.11.8
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.9.3...v3.11.8)

Updates `azure-identity` from 1.15.0 to 1.16.1
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.15.0...azure-identity_1.16.1)

Updates `certifi` from 2024.2.2 to 2024.8.30
- [Commits](certifi/python-certifi@2024.02.02...2024.08.30)

Updates `cryptography` from 42.0.5 to 44.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.5...44.0.0)

Updates `idna` from 3.6 to 3.10
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.10)

Updates `llama-index-core` from 0.10.26 to 0.10.38
- [Release notes](https://github.com/run-llama/llama_index/releases)
- [Changelog](https://github.com/run-llama/llama_index/blob/main/CHANGELOG.md)
- [Commits](run-llama/llama_index@v0.10.26...v0.10.38)

Updates `nltk` from 3.8.1 to 3.9.1
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.8.1...3.9.1)

Updates `requests` from 2.31.0 to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.3)

Updates `scikit-learn` from 1.4.1.post1 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.4.1.post1...1.5.0)

Updates `setuptools` from 69.2.0 to 75.6.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.2.0...v75.6.0)

Updates `starlette` from 0.36.3 to 0.40.0
- [Release notes](https://github.com/encode/starlette/releases)
- [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md)
- [Commits](Kludex/starlette@0.36.3...0.40.0)

Updates `tqdm` from 4.66.2 to 4.67.1
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.66.2...v4.67.1)

Updates `urllib3` from 2.2.1 to 2.2.3
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.1...2.2.3)

Updates `zipp` from 3.18.1 to 3.21.0
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.18.1...v3.21.0)

---
updated-dependencies:
- dependency-name: litellm
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: aiohttp
  dependency-type: indirect
  dependency-group: pip
- dependency-name: azure-identity
  dependency-type: indirect
  dependency-group: pip
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
- dependency-name: cryptography
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: llama-index-core
  dependency-type: indirect
  dependency-group: pip
- dependency-name: nltk
  dependency-type: indirect
  dependency-group: pip
- dependency-name: requests
  dependency-type: indirect
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: indirect
  dependency-group: pip
- dependency-name: setuptools
  dependency-type: indirect
  dependency-group: pip
- dependency-name: starlette
  dependency-type: indirect
  dependency-group: pip
- dependency-name: tqdm
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: zipp
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `python` (Pull requests that update Python code) labels Nov 30, 2024

@bolt-new-by-stackblitz
Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.
